Android Apps Caught Stealing Users’ Facebook Passwords
Despite Google’s efforts to enhance Android security, recent research has uncovered a concerning trend. Several Android apps available on the Google Play store, with a combined total of over 5.8 million downloads, have been discovered stealing users’ Facebook passwords.
Discovery of Trojan Apps
Security firm Doctor Web identified nine trojan apps masquerading as legitimate photo editing and app lock applications. These malicious apps, collectively amassing millions of downloads, were available for download on the Google Play store.
While some of these apps were removed by Google following the report’s publication on July 1, 2021, others remained accessible to users.
Exploiting User Trust
The trojan apps deceived users by offering genuine features and encouraging them to log in to their Facebook accounts for additional features and ad-free experiences. Exploiting the widespread use of Google and Facebook login functionality, the apps secretly harvested users’ login credentials.
The exploitation process involved loading the legitimate Facebook login page into a WebView, followed by injecting JavaScript code from a command-and-control (C&C) server. This code intercepted users’ login credentials and transmitted them to the attackers’ servers. Additionally, the trojans stole authentication session cookies, further compromising user security.
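For analysts triaging a decompiled APK, the behaviour described above shows up as a recognisable combination of Android WebView calls. The following static check is an added example, not code from Doctor Web's report or from the apps themselves; the indicator names, verdict strings and sample snippets are constructed for illustration.

```python
import re

# Real Android SDK calls; none is malicious alone, so the verdict is based on
# which of them co-occur in one app's decompiled source.
INDICATORS = {
    "fb_login_in_webview": re.compile(r'loadUrl\(\s*"https://(?:www|m)\.facebook\.com/login'),
    "js_enabled": re.compile(r'setJavaScriptEnabled\(\s*true\s*\)'),
    "js_bridge": re.compile(r'addJavascriptInterface\('),
    "script_injection": re.compile(r'evaluateJavascript\(|loadUrl\(\s*"javascript:'),
    "cookie_read": re.compile(r'CookieManager\.getInstance\(\)\.getCookie\('),
}

def scan(source):
    """Return the names of all indicators present in decompiled source text."""
    return {name for name, rx in INDICATORS.items() if rx.search(source)}

def assess(hits):
    """Grade a set of indicator hits for the WebView login-interception pattern."""
    if "fb_login_in_webview" not in hits:
        return "no finding"
    # Login page plus a way to run script in it or call back from it.
    scripted = hits & {"js_bridge", "script_injection"}
    if scripted and "js_enabled" in hits:
        return "credential-theft pattern"
    return "review"

# Constructed samples (not taken from the apps in the report).
SUSPICIOUS = '''
webView.getSettings().setJavaScriptEnabled(true);
webView.addJavascriptInterface(new Bridge(), "bridge");
webView.loadUrl("https://www.facebook.com/login.php");
webView.loadUrl("javascript:" + scriptFromServer);
String cookies = CookieManager.getInstance().getCookie(url);
'''
LOGIN_ONLY = 'webView.loadUrl("https://m.facebook.com/login.php");'
BENIGN = '''
webView.getSettings().setJavaScriptEnabled(true);
webView.loadUrl("https://example.com/help");
'''

if __name__ == "__main__":
    for label, src in [("suspicious", SUSPICIOUS), ("login_only", LOGIN_ONLY), ("benign", BENIGN)]:
        hits = scan(src)
        print(f"{label}: {assess(hits)} {sorted(hits)}")
```

A `cookie_read` hit does not change the verdict but is reported alongside it, since the trojans also took session cookies.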
Identified Trojan Apps
The following apps were identified as malicious by the report:
- PIP Photo
- Processing Photo
- Rubbish Cleaner
- Horoscope Daily
- App Lock Keep
- Lockit Master
- Horoscope Pi
- App Lock Manager
- Inwell Fitness
As of July 5, Google has removed all these apps from the Play Store and banned their developers from submitting new apps.
Recommendations for Users
If any of these apps are installed on your device, it is strongly advised to uninstall them immediately. Furthermore, if you used the Facebook login feature within these apps, it is recommended to revoke their access from your Facebook account and change your password to mitigate any potential security risks.